Vulnerabilities > Google
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2012-09-15 | CVE-2012-4001 | Improper Input Validation vulnerability in Google MOD Pagespeed The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified vectors, as demonstrated by requests to intranet servers. | 5.0 |
2012-09-13 | CVE-2012-4909 | Information Exposure vulnerability in Google Chrome Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. | 4.3 |
2012-09-13 | CVE-2012-4908 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. | 7.5 |
2012-09-13 | CVE-2012-4907 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 18.0.1025308 on Android does not properly restrict access from JavaScript code to Android APIs, which allows remote attackers to have an unspecified impact via a crafted web page. | 9.3 |
2012-09-13 | CVE-2012-4906 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4903. | 5.0 |
2012-09-13 | CVE-2012-4905 | Cross-Site Scripting vulnerability in Google Chrome Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)." | 4.3 |
2012-09-13 | CVE-2012-4904 | Cross-Site Scripting vulnerability in Google Chrome Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab. | 4.3 |
2012-09-13 | CVE-2012-4903 | Permissions, Privileges, and Access Controls vulnerability in Google Chrome Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. | 5.0 |
2012-08-31 | CVE-2012-4171 | Remote Denial of Service vulnerability in Adobe Flash Player and AIR Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and before 11.1.115.17 on Android 4.x; Adobe AIR before 3.4.0.2540; and Adobe AIR SDK before 3.4.0.2540 allow attackers to cause a denial of service (application crash) by leveraging a logic error during handling of Firefox dialogs. | 5.0 |
2012-08-29 | CVE-2012-3979 | Remote Code Execution vulnerability in Mozilla Firefox Mozilla Firefox before 15.0 on Android does not properly implement unspecified callers of the __android_log_print function, which allows remote attackers to execute arbitrary code via a crafted web page that calls the JavaScript dump function. | 6.8 |